Author Topic: Slow Loading of Taskbar (Read 1496 times)

szaku · « **on:** January 26, 2008, 01:37:51 AM »

Recently i hv been suffering from low loading of the windows taskber. Whenever I hv gone into windows, the Taskbar freezes for a few minutes, i knw it was loading something. I am not sure whether i m attacked by a spyware or what. And i realise some of the icon in the tray beside the Clock has lost. Below is my HJT Log.

Logfile of HijackThis v1.99.1
Scan saved at 2:40:30 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
D:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\WINDOWS\system32\Rundll32.exe
D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HijackThis.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124520174296
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

szaku · « **Reply #1 on:** February 28, 2008, 11:21:03 PM »

Can anybody help me pls.

guestolo · « **Reply #2 on:** February 28, 2008, 11:31:07 PM »

Sorry I missed your earlier post

Can you do the following
Access your Add/remove programs and uninstall Hijackthis 1.99.1
We're going to update it
After you remove it
Download Hijackthis Installer from [color=\"#FF0000\"]HERE[/color]
For an alternate download location, you can try HERE
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

Hijackthis v2.0.2 will open
After it is installed and opened, can you just close it out for now
we'll use it in a bit

Then do the following
Download [color=\"#008000\"]Deckard's System Scanner (dss.exe)[/color] to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post back just the Whole contents of Main.txt and extra.txt

szaku · « **Reply #3 on:** March 01, 2008, 06:37:04 AM »

Main.txt Result:

Deckard's System Scanner v20071014.68
Run by Saw2 on 2008-03-01 19:40:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
7: 2008-03-01 11:40:56 UTC - RP7 - Deckard's System Scanner Restore Point
6: 2008-02-29 13:40:18 UTC - RP6 - System Checkpoint
5: 2008-02-28 12:48:15 UTC - RP5 - System Checkpoint
4: 2008-02-27 12:27:41 UTC - RP4 - System Checkpoint
3: 2008-02-26 12:17:46 UTC - RP3 - System Checkpoint

-- First Restore Point --
1: 2008-02-25 09:03:36 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Saw2.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:42 PM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\Rundll32.exe
D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
D:\Documents and Settings\Saw2\Desktop\dss.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\Saw2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124520174296
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5013 bytes

-- File Associations -----------------------------------------------------------

[color=\"red\"].vbs - XingMpeg - DefaultIcon - D:\Program Files\Xing\XingMPEG Player\xmplayer.exe[/color]
[color=\"red\"].vbs - XingMpeg - shell\open\command - "D:\Program Files\Xing\XingMPEG Player\xmplayer.exe" %1[/color]
[color=\"red\"].vbs - XingMpeg - shell\edit\command - unable to read value[/color]

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - d:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - d:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 NPPTNT - d:\windows\system32\npptnt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
R1 sf (SFI Service) - d:\windows\system32\drivers\sf.sys <Not Verified; Sonic Focus, Inc; Sonic Focus DSP service driver>
R2 DgiVecp (Team MFP Comm Driver) - d:\windows\system32\drivers\dgivecp.sys <Not Verified; DeviceGuys, Inc.; DeviceGuys, Inc. Team MFP for Windows NT, 9x, and 3.1>
R2 iSMBIOS - d:\windows\system32\drivers\ismbios.sys <Not Verified; Intel Corporation; Intel® Active Monitor>
R2 SIODRV - d:\windows\system32\drivers\siodrv.sys <Not Verified; Intel Corporation; Intel® Active Monitor>
R3 Pcouffin (Low level access layer for CD devices) - d:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pfc (Padus ASPI Shell) - d:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SMBios (Intel ® System Managment BIOS Service) - d:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel ® System Managment BIOS Driver>
R3 smbusp (Intel® SMBus 2.0 Driver) - d:\windows\system32\drivers\smb.sys <Not Verified; Intel Corporation; Intel® SMBus Controller>

S3 aeaudio - d:\windows\system32\drivers\aeaudio.sys (file missing)
S3 BtAudio (Bluetooth Audio) - d:\windows\system32\drivers\btaudio.sys (file missing)
S3 BTDriver (Bluetooth Virtual Communications Driver) - d:\windows\system32\drivers\btport.sys (file missing)
S3 BTWDNDIS (Bluetooth LAN Access Server) - d:\windows\system32\drivers\btwdndis.sys (file missing)
S3 BTWUSB (WIDCOMM USB Bluetooth Driver) - d:\windows\system32\drivers\btwusb.sys (file missing)
S3 catchme - d:\docume~1\sawfam~1\locals~1\temp\catchme.sys (file missing)
S3 dump_wmimmc - d:\windows\system32\drivers\dump_wmimmc.sys (file missing)
S3 EagleNT - d:\windows\system32\drivers\eaglent.sys (file missing)
S3 ENTECH - d:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 MidiSyn - d:\windows\system32\drivers\midisyn.sys (file missing)
S3 NPPTNT2 - d:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 smwdm - d:\windows\system32\drivers\smwdm.sys (file missing)
S3 StMp3Rec (Player Recovery Device Control Driver) - d:\windows\system32\drivers\stmp3rec.sys <Not Verified; Generic; Generic MP3 Player>
S3 XDva004 - d:\windows\system32\xdva004.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 imonNT (Intel® Active Monitor) - c:\program files\intel\intel® active monitor\imonnt.exe <Not Verified; Intel Corp.; Intel® Active Monitor>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E980-E325-11CE-BFC1-08002BE10318}
Description: Floppy disk drive
Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&35AD0CB2&0&0
Manufacturer: (Standard floppy disk drives)
Name: Floppy disk drive
PNP Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&35AD0CB2&0&0
Service: flpydisk

Class GUID:
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_E0018086&REV_02\3&267A616A&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_E0018086&REV_02\3&267A616A&0&FD
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: Applied Networking Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi

-- Scheduled Tasks -------------------------------------------------------------

2008-02-29 17:18:12 374 --a------ D:\WINDOWS\Tasks\1-Click Maintenance.job

-- Files created between 2008-02-01 and 2008-03-01 -----------------------------

2008-03-01 19:39:11 0 d-------- D:\Program Files\Trend Micro
2008-02-29 12:24:02 0 d--hs---- D:\FOUND.044
2008-02-25 17:10:22 0 d--hs---- D:\FOUND.043
2008-02-24 11:56:00 0 d-------- D:\Program Files\MSECache
2008-02-17 16:29:36 0 d-------- D:\Documents and Settings\Saw2\pdftohtml
2008-02-05 13:13:37 0 d-------- D:\Program Files\backups

-- Find3M Report ---------------------------------------------------------------

2008-02-25 17:25:28 664 --a------ D:\WINDOWS\system32\d3d9caps.dat
2008-02-18 15:45:58 5542 --a------ D:\WINDOWS\mozver.dat
2008-02-05 13:12:02 5244 --a------ D:\Program Files\hijackthis.log
2008-01-29 19:21:08 1940 --a------ D:\WINDOWS\system32\cid_store.dat
2008-01-28 19:55:30 0 d-------- D:\Documents and Settings\Saw2\Application Data\TuneUp Software
2008-01-28 19:54:56 0 d-------- D:\Program Files\TuneUp Utilities 2008
2008-01-28 19:54:22 0 d-------- D:\Program Files\Common Files\Wise Installation Wizard
2008-01-20 10:55:54 0 d-------- D:\Documents and Settings\Saw2\Application Data\uTorrent
2008-01-19 20:36:50 0 d-------- D:\Documents and Settings\Saw2\Application Data\gtk-2.0

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [06/01/2006 05:22 PM D:\WINDOWS\system32\nwiz.exe]
"P17Helper"="P17.dll" [05/02/2005 08:38 PM D:\WINDOWS\system32\P17.dll]
"CTSysVol"="D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [02/15/2005 04:10 PM]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [06/01/2006 05:22 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [06/28/2007 12:51 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=D:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableCMD"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoActiveDesktop"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=D:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Saw2^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=D:\Documents and Settings\Saw2\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=D:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"D:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]
"G:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cdac206-cdca-11da-af7c-000d8817be50}]
Auto\command- autoregistry.exe
AutoRun\command- D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autoregistry.exe

-- End of Deckard's System Scanner: finished at 2008-03-01 19:43:48 ------------

Extra.txt :

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.60GHz
CPU 1: Intel® Pentium® 4 CPU 2.60GHz
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 1022.73 MiB / 534.4 MiB
Pagefile Memory (total/avail): 1671.98 MiB / 1244.33 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.96 MiB

C: is Fixed (FAT32) - 7.86 GiB total, 0.33 GiB free.
D: is Fixed (FAT32) - 7.86 GiB total, 1.46 GiB free.
E: is Fixed (FAT32) - 7.86 GiB total, 0.38 GiB free.
F: is Fixed (FAT32) - 0.66 GiB total, 0.34 GiB free.
G: is Fixed (FAT32) - 50.23 GiB total, 14.62 GiB free.
H: is CDROM (No Media)
I: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 5 partitions
\PARTITION0 (bootable) - Unknown - 7.87 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 66.65 GiB - D: - E: - F: - G:

-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

AV: Kaspersky Anti-Virus v7.0.0.125 (Kaspersky Lab) [color=\"RED\"]Outdated[/color]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\\Program Files\\Thunder\\Program\\Thunder5.exe"="D:\\Program Files\\Thunder\\Program\\Thunder5.exe:*:Enabled:Thunder"
"D:\\Program Files\\Messenger\\MSMSGS.EXE"="D:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"D:\\Program Files\\uTorrent\\utorrent.exe"="D:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:ÂµTorrent"
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"D:\\Program Files\\Skype\\Phone\\Skype.exe"="D:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=D:\Documents and Settings\All Users
APPDATA=D:\Documents and Settings\Saw2\Application Data
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=ReAct_SawFamily
ComSpec=D:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\Saw2
LOGONSERVER=\\ReAct_SawFamily
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\system32\wbem;D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\system32\wbem;D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\system32\wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=D:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=D:
SystemRoot=D:\WINDOWS
TEMP=D:\DOCUME~1\Saw2\LOCALS~1\Temp
TMP=D:\DOCUME~1\Saw2\LOCALS~1\Temp
USERDOMAIN=ReAct_SawFamily
USERNAME=Saw2
USERPROFILE=D:\Documents and Settings\Saw2
windir=D:\WINDOWS

-- User Profiles ---------------------------------------------------------------

SawFamily (admin)
Saw2 (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> "D:\Program Files\Creative\SBAudigy\Program\Setup.exe" /S /U /W
--> D:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{4F6DFDC8-7EAA-4B9B-AC3A-AE04F77D81CF}\Setup.exe" -l0x9
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 /remove
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{F90CBE30-7269-465D-AB66-0DCF33CE3618}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
?? 5.6.8.329 --> D:\Program Files\Thunder\uninst.exe

? 4.6.5 --> "D:\Program Files\TTPlayer\uninst.exe"
?orrent --> "D:\Program Files\uTorrent\uninstall.exe"
ÂµTorrent --> "D:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AC3Filter (remove only) --> D:\Program Files\AC3Filter\uninstall.exe
ACDSee 5.0 PowerPack --> MsiExec.exe /I{5058B085-AA79-41E5-A726-681B4C4B846E}
Adobe Acrobat 5.0 --> D:\WINDOWS\ISUNINST.EXE -f"D:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"D:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Download Manager 2.0 (Remove Only) --> "D:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player Plugin --> D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
AVI/MPEG/ASF/WMV Splitter 2.31 --> "D:\Program Files\AVI MPEG ASF WMV Splitter\unins000.exe"
AviScreen Classic Version 1.3 --> "G:\Program Files\AviScreen classic\unins000.exe"
BitComet 0.59 --> D:\Program Files\BitComet\uninst.exe
Borland JBuilder 7 Personal --> G:\JBuilder7\UninstallPersonal\UninstallPersonal.exe
CCleaner (remove only) --> "D:\Program Files\CCleaner\uninst.exe"
CleanUp! --> D:\Program Files\CleanUp!\uninstall.exe
Creative Mass Storage Drivers --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{F90CBE30-7269-465D-AB66-0DCF33CE3618}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Deluge --> G:\Program Files\Deluge\deluge-uninst.exe
DFE-530TX Driver --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F2BB456F-C07B-4EDE-975F-4D6DED19750A}
DivX --> D:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> D:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DreamMP3 Kit --> MsiExec.exe /I{A418A3B3-ACD0-4D77-A37C-4CF4F5B3AEE2}
EA SPORTS online 2006 --> G:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
FIFA 07 --> G:\Program Files\EA SPORTS\FIFA 07\EAUninstall.exe
FLV Player 1.3.3 --> "D:\Program Files\FLVPlayer\uninstall.exe"
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Hamachi 1.0.1.3 --> D:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2 --> "D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Ink --> MsiExec.exe /I{9FCB2876-554D-491D-A2CD-58F8252D6C64}
Intel Performance Power Manager --> MsiExec.exe /I{E65E367B-B25C-4FF8-B270-D5277E7CF1B0}
Intel® Active Monitor --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{2E861EC9-FCB8-11D3-939A-00A0C9BA5A55}\setup.exe"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE D:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
Java(tm) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Magic ISO Maker v5.4 (build 0251) --> G:\PROGRA~1\MAGICISO\UNWISE.EXE G:\PROGRA~1\MAGICISO\INSTALL.LOG
MakeTorrent v2.1 --> "D:\Program Files\Maketorrent 2\uninstall.exe"
Matroska Pack - Lazy Man's MKV 0.94 (2004-11-11) --> "D:\Program Files\LD-Anime\unins000.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "D:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs --> MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Application Compatibility Database --> D:\WINDOWS\system32\sdbinst.exe -u "D:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Monkey's Audio --> "D:\Program Files\Monkey's Audio\unins000.exe"
Mozilla Firefox (2.0.0.6) --> D:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection D:\WINDOWS\INF\msninst.inf,Uninstall
Nero 6 Demo --> D:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> D:\WINDOWS\system32\nvudisp.exe UninstallGUI
OCX files for MThree Development Software --> D:\WINDOWS\unins000.exe
piaip AppLocale --> MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Picasa 2 --> "D:\Program Files\Picasa2\Uninstall.exe"
PSP Video 9 2.25 --> D:\Program Files\Red Kawa\Video Converter\uninstaller.exe
QuickTime --> D:\WINDOWS\unvise32qt.exe D:\WINDOWS\System32\QuickTime\Uninstall.log
QuickTime Alternative 1.47 --> "D:\Program Files\QuickTime Alternative\unins000.exe"
RealPlayer --> D:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RO English Edition --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{DBC02424-BB58-4244-83A8-24B2709408EB}\setup.exe" -l0x9 -removeonly
RO English Edition - PK Server --> MsiExec.exe /I{06452F21-F150-46C0-A931-6E0AAEBAAC68}
Samsung ML-2010 Series --> D:\WINDOWS\Samsung\ML-2010\SETUP.EXE
Skypeâ„¢ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Ericsson Communications Suite --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{B8BC806D-0703-11D4-BB23-006008676AF8}\setup.exe" -l0x9 -l0009 --remove=y
Sony Ericsson Image Editor --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{05E9F134-07C9-4249-9B80-EE5D975F201B}\setup.exe" -l0x9 -l0009 --remove=y
SopCast 1.1.2 --> C:\Program Files\SopCast\uninst.exe
SopCore 1.1.2 --> D:\Program Files\SopCast\uninst.exe
Sound Blaster Audigy --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\SETUP.EXE" -l0x9 /remove
SpywareBlaster v3.5.1 --> "D:\Program Files\SpywareBlaster\unins000.exe"
Storm Codec --> D:\Program Files\Ringz Studio\Storm Codec\uninst.exe
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Viewpoint Media Player --> D:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Winamp (remove only) --> "D:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows XP Creativity Fun Packs - Windows Movie Maker 2 --> MsiExec.exe /X{DA2D4D11-1811-4A24-B719-BF9F048C6106}
WinMX --> D:\Program Files\WinMX\uninstall.exe
WinRAR archiver --> D:\Program Files\WinRAR\uninstall.exe
XingMPEG Player --> D:\PROGRA~1\XING\XINGMP~1\UNINST.EXE D:\PROGRA~1\XING\XINGMP~1\INSTALL.LOG
Yahoo! Address AutoComplete --> D:\WINDOWS\System32\regsvr32 /u /s D:\PROGRA~1\Yahoo!\Common\yaddbook.dll

-- Application Event Log -------------------------------------------------------

Event Record #/Type192 / Error
Event Submitted/Written: 02/29/2008 09:24:56 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x00000073.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type185 / Error
Event Submitted/Written: 02/28/2008 07:58:42 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x002702de.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type177 / Error
Event Submitted/Written: 02/26/2008 10:32:12 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x001501d5.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type175 / Error
Event Submitted/Written: 02/26/2008 08:58:06 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type174 / Error
Event Submitted/Written: 02/26/2008 08:57:18 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2873, fault address 0x00163f45.
Processing media-specific event for [iexplore.exe!ws!]

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type22046 / Error
Event Submitted/Written: 03/01/2008 02:57:25 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Event Record #/Type22040 / Error
Event Submitted/Written: 03/01/2008 09:15:51 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type22039 / Error
Event Submitted/Written: 03/01/2008 09:15:51 AM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type22034 / Error
Event Submitted/Written: 02/29/2008 04:11:06 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Event Record #/Type22026 / Error
Event Submitted/Written: 02/29/2008 09:19:59 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

-- End of Deckard's System Scanner: finished at 2008-03-01 19:43:48 ------------

Thank you.

guestolo · « **Reply #4 on:** March 02, 2008, 12:06:22 AM »

I want another log please
If you have a version of Combofix, delete it

Then, Download this file - Combofix.exe and save it ONLY to your desktop

Temporarily disable Kaspersky's realtime protections before proceeding

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
By default it will save a copy to C:\Combofix.txt
I'll need to see this log later
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post the log from Combofix along with a fresh hijackthis log

szaku · « **Reply #5 on:** March 03, 2008, 04:01:39 AM »

This is the ComboFix Log :

ComboFix 08-03-03.6 - Saw2 2008-03-03 17:06:35.1 - [color=\"red\"]FAT32[/color]x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.613 [GMT 8:00]
Running from: D:\Documents and Settings\Saw2\Desktop\ComboFix.exe
* Created a new restore point

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://pic28.pic.wretch.cc
hxxp://www.wretch.cc
.
((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.

2008-03-01 19:40 . 2008-03-01 19:40   <DIR>   d--------   D:\Deckard
2008-03-01 19:39 . 2008-03-01 19:39   <DIR>   d--------   D:\Program Files\Trend Micro
2008-02-29 12:24 . 2008-02-29 12:24   <DIR>   d--hs----   D:\FOUND.044
2008-02-25 17:10 . 2008-02-25 17:10   <DIR>   d--hs----   D:\FOUND.043
2008-02-24 11:56 . 2008-02-24 11:56   <DIR>   d--------   D:\Program Files\MSECache
2008-02-17 16:29 . 2008-02-17 16:29   <DIR>   d--------   D:\Documents and Settings\Saw2\pdftohtml
2008-02-05 13:13 . 2008-02-05 13:13   <DIR>   d--------   D:\Program Files\backups

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 04:19   6,440   --sha-w   D:\WINDOWS\system32\drivers\fidbox.idx
2008-03-03 04:19   5,552   --sha-w   D:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-03 04:19   450,560   --sha-w   D:\WINDOWS\system32\drivers\fidbox.dat
2008-03-03 04:19   167,936   --sha-w   D:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-25 09:15   74,385   ----a-w   D:\WINDOWS\system32\drivers\fwdrv.err
2008-02-05 05:12   5,244   ----a-w   D:\Program Files\hijackthis.log
2008-02-04 15:31   91,700   ----a-w   D:\WINDOWS\system32\drivers\klin.dat
2008-01-28 11:55   306,432   ----a-w   D:\WINDOWS\system32\TuneUpDefragService.exe
2008-01-28 11:55   ---------   d-----w   D:\Documents and Settings\Saw2\Application Data\TuneUp Software
2008-01-28 11:54   ---------   d-----w   D:\Program Files\TuneUp Utilities 2008
2008-01-28 11:54   ---------   d-----w   D:\Program Files\Common Files\Wise Installation Wizard
2008-01-20 02:55   ---------   d-----w   D:\Documents and Settings\Saw2\Application Data\uTorrent
2008-01-19 12:36   ---------   d-----w   D:\Documents and Settings\Saw2\Application Data\gtk-2.0
2007-12-20 02:41   29,440   ----a-w   D:\WINDOWS\system32\uxtuneup.dll
2006-03-23 10:28   41,936   ----a-w   D:\Documents and Settings\SawFamily\Application Data\GDIPFONTCACHEV1.DAT
2005-10-10 06:13   218,112   ----a-w   D:\Program Files\HijackThis.exe
2007-09-01 09:53   11,532   --sha-w   D:\WINDOWS\system32\KGyGaAvL.sys
2006-05-03 09:06   163,328   --sh--r   D:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47   31,232   --sh--r   D:\WINDOWS\system32\msfDX.dll
.

------- Sigcheck -------

537f2982b94ee78f3d12415aae6c10b8 D:\WINDOWS\system32\drivers\tcpip.sys
----a-w 359,808 2006-01-12 10:28:14 D:\WINDOWS\system32\drivers\tcpip.sys
------w 359,936 2005-05-25 04:07:12 D:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
------w 360,448 2006-01-13 01:07:08 D:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
------w 359,040 2004-08-03 15:14:40 D:\WINDOWS\ServicePackFiles\i386\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-06-01 17:22 1519616 D:\WINDOWS\system32\nwiz.exe]
"P17Helper"="P17.dll" [2005-05-02 20:38 64512 D:\WINDOWS\system32\P17.dll]
"CTSysVol"="D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 16:10 57344]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-06-01 17:22 7618560]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="D:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-24 05:18 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 00:56 53760 D:\WINDOWS\system32\narrator.exe]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableCMD"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=D:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Saw2^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=D:\Documents and Settings\Saw2\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=D:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 08:24 1694208 D:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-09-13 13:31 22880040 D:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]
G:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\Program Files\\Thunder\\Program\\Thunder5.exe"=
"D:\\Program Files\\Messenger\\MSMSGS.EXE"=
"D:\\Program Files\\uTorrent\\utorrent.exe"=
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 NPPTNT;NPPTNT;D:\WINDOWS\System32\npptNT.sys [2003-07-21 23:14]
R2 UxTuneUp;TuneUp Theme Extension;D:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;D:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 dump_wmimmc;dump_wmimmc;D:\WINDOWS\system32\drivers\dump_wmimmc.sys []
S3 StMp3Rec;Player Recovery Device Control Driver;D:\WINDOWS\system32\Drivers\StMp3Rec.sys [2005-08-16 11:23]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;D:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-28 19:55]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cdac206-cdca-11da-af7c-000d8817be50}]
\Shell\Auto\command - autoregistry.exe
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autoregistry.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-29 09:18:12 D:\WINDOWS\Tasks\1-Click Maintenance.job"
- D:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 17:08:34
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-03 17:09:21
ComboFix-quarantined-files.txt 2008-03-03 09:09:20

Fresh HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:34 PM, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\WINDOWS\system32\notepad.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124520174296
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5248 bytes

guestolo · « **Reply #6 on:** March 03, 2008, 10:38:30 PM »

One more log please
I want to ensure I see everything
supply Hosts file list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open HOSTS FILE MANAGER
Click the OPEN IN NOTEPAD... button
Copy>>Paste back here of the contents of the notepad file

szaku · « **Reply #7 on:** March 04, 2008, 04:57:07 AM »

It has online 1 line in there.
127.0.0.1 localhost

guestolo · « **Reply #8 on:** March 04, 2008, 09:33:30 AM »

Can you try the following
Download the Flash_Disinfector.exe from here and save to desktop
http://www.techsupportforum.com/sectools/s...Disinfector.exe
Run Flash_Disinfector.exe, Follow the prompts
Insert any removable flash drives you may have when prompted

Reboot the computer afterwards

Does taskbar still load slowly?

szaku · « **Reply #9 on:** March 04, 2008, 11:59:47 PM »

After running that software, i restarted and it takes quite sometime to load the taskbar too, i think approximately 5 mins.
It's very strange that it happens once a while, maybe the next time i start my computer it wont be that long. Sometimes it will take 5 mins. Do hardware have anything to do with this? I'm using Creative sound card and sometimes when i start my computer, the "Sound" icon on the right side of taskbar does not appear, and sometimes it does appear.

guestolo · « **Reply #10 on:** March 05, 2008, 08:54:46 AM »

Let's try the following

Go to the following link
http://support.microsoft.com/kb/310353

Follow STEP 1 & 2 to perform a clean boot

See if the taskbar loads quicker

If it does, we'll try and narrow it down
This is just for a troubleshooting step, so try rebooting a few time with everything disabled before selecting Normal startup again

szaku · « **Reply #11 on:** March 07, 2008, 11:06:05 AM »

I have not do the clean boot yet cause not free recently. I used the TuneUp Utilities 2008 before, last week i think. I used the Free Harddisk Space function, and it deleted my System Restore files. Will it have effect on my comp ?

TheTechGuide Forum

News:

Author Topic: Slow Loading of Taskbar (Read 1496 times)

szaku

Slow Loading of Taskbar

szaku

Slow Loading of Taskbar

guestolo

Slow Loading of Taskbar

szaku

Slow Loading of Taskbar

guestolo

Slow Loading of Taskbar

szaku

Slow Loading of Taskbar

guestolo

Slow Loading of Taskbar

szaku

Slow Loading of Taskbar

guestolo

Slow Loading of Taskbar

szaku

Slow Loading of Taskbar

guestolo

Slow Loading of Taskbar

szaku

Slow Loading of Taskbar